The Accelerating Cyber Threat Landscape: Insights from Zafran Security CEO Sanaz Yashar
December 31, 2025
In an exclusive interview, Sanaz Yashar, CEO of Zafran Security, shares her perspective on the rapid evolution of cyber threats driven by artificial intelligence. With a background rooted in intelligence and cyber warfare, Yashar offers a sobering outlook on how AI is transforming the threat landscape.
From Spy to Cybersecurity Innovator
Yashar's journey began in her youth, migrating from Tehran to Israel and joining the elite Israel Defense Forces' cyber unit, Unit 8200. She describes her prior experience as “hacking architect,” emphasizing her deep understanding of offensive cyber capabilities. After years in military cybersecurity, she transitioned into the civilian sphere, co-founding Zafran in 2022—a company leveraging AI to help organizations identify and mitigate cyber risks.
The Surge in Exploitation Speed
Yashar recounts the alarming trend where cyber adversaries now exploit vulnerabilities in less than a day—what she terms a negative time-to-exploit. This rapid turnaround signifies that exploits are weaponized faster than they can be patched, a phenomenon driven by the capabilities of AI.
"It now takes less than a day to see vulnerabilities being exploited and weaponized—something I would never have imagined even five years ago," she states.
The Role of AI in Accelerating Attacks
AI doesn’t replace threat actors but amplifies their methods. Yashar highlights a recent Mandiant report indicating the average time-to-exploit (TTE) in 2024 has fallen to -1 days, meaning attackers often exploit bugs before patches are even released.
"78 percent of vulnerabilities are now weaponized using large language models and AI," she notes.
This swift pace makes traditional defense measures less effective, pushing companies to rethink their security strategies.
Expanding the Attack Surface
The proliferation of AI technology within organizational tools inadvertently broadens the attack surface. Attackers misuse AI systems through techniques like prompt injection or exploiting vulnerabilities within AI frameworks, gaining access to sensitive data or developing new exploit chains.
Yashar is particularly concerned about "collateral damage"—the unintended consequences resulting from attackers targeting AI systems, especially when such exploits fall into the hands of less experienced hackers or rogue state actors.
"The danger is not just the attack itself but what happens if AI vulnerabilities are exploited by those who don’t understand the full impact," she warns.
The Potential for Catastrophic AI-Induced Incidents
Drawing parallels to past major cyber events such as WannaCry (2017), Yashar warns that a similar, or even more destructive, incident could occur as AI-powered attack tools evolve. She emphasizes that the unpredictable nature of AI-driven exploits could escalate beyond current understanding and control.
"We haven't seen the worst of AI's potential in cyber warfare yet. The 'AI WannaCry' might be just around the corner," she warns.
Mitigation Through AI-Aided Defense
Rather than solely relying on traditional security solutions, Yashar advocates for using AI to combat AI-driven threats. Zafran has developed a platform that harnesses AI for threat exposure management, proactively hunting vulnerabilities and orchestrating remediations.
"Security must shift from merely providing insights to actively doing the work. AI agents will investigate, triage, and develop response plans—guided by human oversight."
Human and Machine Collaboration
Despite advances in AI, Yashar insists that human oversight remains vital. She explains that human behavior adapts more slowly than technology, making it essential to keep humans in the loop during critical decision-making processes.
"We are not at the point of fully automating threat response. Humans will always be needed to make nuanced judgments and manage risk."
Conclusion: Preparing for an Uncertain Future
Yashar concludes with a stark warning: the next major cyber catastrophe—her metaphor for an AI-driven attack on a massive scale—is inevitable unless organizations adapt their security strategies now. Her message emphasizes resilience, proactive defense, and the need for continued human-AI collaboration to safeguard the digital future.
Stay tuned for more insights on emerging cybersecurity challenges and solutions.